This is safer than storing a pointer to a stack variable in the
cleanup function since we don't need to worry about it ever going
out of scope. Quiets a clang 15 analyzer warning.
The noexec and intercept DSO settings may now include both a 32-bit
DSO and a 64-bit DSO specified by a colon. For example:
/usr/libexec/sudo/sudo_intercept.so:/usr/libexec/sudo/sudo_intercept_64.so.
Previously, sudo only checked that the fd was a terminal, not that
it matched sudo's idea of the user's terminal. This matters when
input or output is redirected to a different terminal. In that
case we want to interpose the fd with a pipe even if it refers to
a terminal. Bug #1056.
This fixes a problem with "stair-stepped" output when the sudo-run
command's output is piped to another program and the command reads
input from the terminal.
Add cmnd_foreground flag that is only true if sudo is the foreground
process and the CD_EXEC_BG flag is not set and pass it to exec_monitor().
This means exec_monitor() no longer needs to check for CD_EXEC_BG.
The format value has to be a string literal, every time.
Otherwise, you are not using these functions correctly. To reinforce this fact, I putrestrict over every non-contrib example of this I could find.
macOS does not support direct access to the environ pointer from a
shared object. We need to redirect through _NSGetEnviron() instead.
Fixes GitHub issue #276.
Configuration paths in sudo are now a colon-separated list of files
with the adminconfdir instance first (if enabled), followed by a
sysconfdir instance.
This means that _PATH_SUDO_CONF, _PATH_SUDOERS, _PATH_SUDO_LOGSRVD_CONF,
and _PATH_CVTSUDOERS_CONF can now specify multiple files. The first
file that exists is used.
This should avoid problems on Linux in cases where sudo does not
have CAP_SYS_RESOURCE which may be the case in an unprivileged container.
GitHub issue #42
When a command is run via "sudo -b" it has no access to terminal
input. In non-pty mode, the command runs in an orphaned process
group and reads from the controlling terminal fail with EIO. We
cannot do the same while running in a pty but if we set stdin to a
half-closed pipe, reads from it will get EOF. That is close enough.
Trying to tailor the help and usage output to the terminal width
is simply not worth it and could be abused to mark a socket as
"trusted" on Linux if there are additional kernel bugs like
CVE-2023-2002.
